{"id":2308,"date":"2017-06-09T10:19:41","date_gmt":"2017-06-09T02:19:41","guid":{"rendered":"http:\/\/cn.hostease.com\/xueyuan\/?p=2308"},"modified":"2017-06-09T10:19:41","modified_gmt":"2017-06-09T02:19:41","slug":"ssh_scan%ef%bc%9a%e8%bf%9c%e7%a8%8b%e9%aa%8c%e8%af%81%e4%bd%a0-ssh-%e6%9c%8d%e5%8a%a1%e7%9a%84%e9%85%8d%e7%bd%ae%e5%92%8c%e7%ad%96%e7%95%a5","status":"publish","type":"post","link":"https:\/\/cn.hostease.com\/xueyuan\/jishu\/linux\/ssh_scan%ef%bc%9a%e8%bf%9c%e7%a8%8b%e9%aa%8c%e8%af%81%e4%bd%a0-ssh-%e6%9c%8d%e5%8a%a1%e7%9a%84%e9%85%8d%e7%bd%ae%e5%92%8c%e7%ad%96%e7%95%a5\/","title":{"rendered":"ssh_scan\uff1a\u8fdc\u7a0b\u9a8c\u8bc1\u4f60 SSH \u670d\u52a1\u7684\u914d\u7f6e\u548c\u7b56\u7565"},"content":{"rendered":"<p><code>ssh_scan<\/code> \u662f\u4e00\u4e2a\u9762\u5411 Linux \u548c UNIX \u670d\u52a1\u5668\u7684\u6613\u7528\u7684 SSH \u670d\u52a1\u53c2\u6570\u914d\u7f6e\u548c\u7b56\u7565\u7684\u626b\u63cf\u5668\u7a0b\u5e8f\uff0c\u5176\u601d\u8def\u6765\u81eaMozilla OpenSSH \u5b89\u5168\u6307\u5357\uff0c\u8fd9\u4e2a\u6307\u5357\u4e3a SSH \u670d\u52a1\u53c2\u6570\u914d\u7f6e\u63d0\u4f9b\u4e86\u4e00\u4e2a\u53ef\u9760\u7684\u5b89\u5168\u7b56\u7565\u57fa\u7ebf\u7684\u5efa\u8bae\uff0c\u5982\u52a0\u5bc6\u7b97\u6cd5\uff08Ciphers\uff09\uff0c\u62a5\u6587\u8ba4\u8bc1\u4fe1\u606f\u7801\u7b97\u6cd5\uff08MAC\uff09\uff0c\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\uff08KexAlgos\uff09\u548c\u5176\u5b83\u3002<\/p>\n<p><code>ssh_scan<\/code> \u6709\u5982\u4e0b\u597d\u5904\uff1a<\/p>\n<ul>\n<li>\u5b83\u7684\u4f9d\u8d56\u662f\u6700\u5c0f\u5316\u7684\uff0c<code>ssh_scan<\/code> \u53ea\u5f15\u5165\u4e86\u672c\u5730 Ruby \u548c BinData \u6765\u8fdb\u884c\u5b83\u7684\u5de5\u4f5c\uff0c\u6ca1\u6709\u592a\u591a\u7684\u4f9d\u8d56\u3002<\/li>\n<li>\u5b83\u662f\u53ef\u79fb\u690d\u7684\uff0c\u4f60\u53ef\u4ee5\u5728\u5176\u5b83\u7684\u9879\u76ee\u4e2d\u4f7f\u7528 <code>ssh_scan<\/code> \u6216\u8005\u5c06\u5b83\u7528\u5728\u81ea\u52a8\u5316\u4efb\u52a1\u4e0a\u3002<\/li>\n<li>\u5b83\u662f\u6613\u4e8e\u4f7f\u7528\u7684\uff0c\u53ea\u9700\u8981\u7b80\u5355\u7684\u5c06\u5b83\u6307\u5411\u4e00\u4e2a SSH \u670d\u52a1\u5c31\u53ef\u4ee5\u83b7\u5f97\u4e00\u4e2a\u8be5\u670d\u52a1\u6240\u652f\u6301\u7684\u9009\u9879\u548c\u7b56\u7565\u72b6\u6001\u7684 JSON \u683c\u5f0f\u62a5\u544a\u3002<\/li>\n<li>\u5b83\u540c\u65f6\u4e5f\u662f\u6613\u4e8e\u914d\u7f6e\u7684\uff0c\u4f60\u53ef\u4ee5\u521b\u5efa\u9002\u5408\u4f60\u7b56\u7565\u9700\u6c42\u7684\u7b56\u7565\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3 id=\"toc_1\">\u5982\u4f55\u5728 Linux \u4e0a\u5b89\u88c5 ssh_scan<\/h3>\n<p>\u6709\u5982\u4e0b\u4e09\u79cd\u5b89\u88c5 <code>ssh_scan<\/code> \u7684\u65b9\u5f0f\uff1a<\/p>\n<p>\u4f7f\u7528 Ruby gem \u6765\u5b89\u88c5\u8fd0\u884c\uff0c\u5982\u4e0b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pun\">-----------<\/span> <span class=\"pun\">\u5728<\/span> <span class=\"typ\">Debian<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Ubuntu<\/span> <span class=\"pun\">-----------<\/span> <\/code><\/li>\n<li class=\"L1\"><code><span class=\"pln\">$ <\/span><span class=\"kwd\">sudo<\/span> <span class=\"kwd\">apt-get<\/span><span class=\"pln\"> install rubygems<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"pln\">$ <\/span><span class=\"kwd\">sudo<\/span><span class=\"pln\"> gem install ssh_scan<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"pun\">-----------<\/span> <span class=\"pun\">\u5728<\/span> <span class=\"typ\">CentOS<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">RHEL <\/span><span class=\"pun\">-----------<\/span> <\/code><\/li>\n<li class=\"L4\"><code><span class=\"com\">#<\/span> <span class=\"kwd\">yum<\/span><span class=\"pln\"> install ruby rubygems<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"com\">#<\/span><span class=\"pln\"> gem install ssh_scan<\/span><\/code><\/li>\n<\/ol>\n<p>\u4f7f\u7528docker \u5bb9\u5668\u6765\u8fd0\u884c\uff0c\u5982\u4e0b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"com\">#<\/span><span class=\"pln\"> docker pull mozilla<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">ssh_scan<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"com\">#<\/span><span class=\"pln\"> docker run <\/span><span class=\"pun\">-<\/span><span class=\"pln\">it mozilla<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">\/<\/span><span class=\"pln\">app<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">bin<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t github<\/span><span class=\"pun\">.<\/span><span class=\"pln\">com<\/span><\/code><\/li>\n<\/ol>\n<p>\u4f7f\u7528\u6e90\u7801\u5b89\u88c5\u8fd0\u884c\uff0c\u5982\u4e0b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"com\">#<\/span> <span class=\"kwd\">git<\/span> <span class=\"kwd\">clone<\/span><span class=\"pln\"> https<\/span><span class=\"pun\">:<\/span><span class=\"com\">\/\/github.com\/mozilla\/ssh_scan.git<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"com\">#<\/span> <span class=\"kwd\">cd<\/span><span class=\"pln\"> ssh_scan<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"com\">#<\/span><span class=\"pln\"> gpg2 <\/span><span class=\"pun\">--<\/span><span class=\"pln\">keyserver hkp<\/span><span class=\"pun\">:<\/span><span class=\"com\">\/\/keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"com\">#<\/span><span class=\"pln\"> curl <\/span><span class=\"pun\">-<\/span><span class=\"pln\">sSL https<\/span><span class=\"pun\">:<\/span><span class=\"com\">\/\/get.rvm.io | bash -s stable<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"com\">#<\/span><span class=\"pln\"> rvm install <\/span><span class=\"lit\">2.3<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"com\">#<\/span><span class=\"pln\"> rvm <\/span><span class=\"kwd\">use<\/span> <span class=\"lit\">2.3<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"com\">#<\/span><span class=\"pln\"> gem install bundler<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"com\">#<\/span><span class=\"pln\"> bundle install<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"com\">#<\/span> <span class=\"pun\">.\/<\/span><span class=\"pln\">bin<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">ssh_scan<\/span><\/code><\/li>\n<\/ol>\n<h3 id=\"toc_2\">\u5982\u4f55\u5728 Linux \u4e0a\u4f7f\u7528 ssh_scan<\/h3>\n<p>\u4f7f\u7528 <code>ssh_scan<\/code> \u7684\u8bed\u6cd5\u5982\u4e0b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"kwd\">ip<\/span><span class=\"pun\">\u5730\u5740<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"pun\">\u4e3b\u673a\u540d<\/span><\/code><\/li>\n<\/ol>\n<p>\u4e3e\u4e2a\u4f8b\u5b50\u6765\u626b\u63cf 192.168.43.198 \u8fd9\u53f0\u670d\u52a1\u5668\u7684 SSH \u914d\u7f6e\u548c\u7b56\u7565\uff0c\u952e\u5165\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">43.198<\/span><\/code><\/li>\n<\/ol>\n<p>\u6ce8\u610f\u4f60\u540c\u65f6\u4e5f\u53ef\u4ee5\u50cf\u4e0b\u65b9\u5c55\u793a\u7684\u7ed9 <code>-t<\/code> \u9009\u9879\u4f20\u5165\u4e00\u4e2a[IP\u5730\u5740\/\u5730\u5740\u6bb5\/\u4e3b\u673a\u540d]\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">43.198<\/span><span class=\"pun\">,<\/span><span class=\"lit\">200<\/span><span class=\"pun\">,<\/span><span class=\"lit\">205<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"kwd\">test<\/span><span class=\"pun\">.<\/span><span class=\"pln\">tecmint<\/span><span class=\"pun\">.<\/span><span class=\"pln\">lan<\/span><\/code><\/li>\n<\/ol>\n<p>\u8f93\u51fa\u793a\u4f8b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">I<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">[<\/span><span class=\"lit\">2017<\/span><span class=\"pun\">-<\/span><span class=\"lit\">05<\/span><span class=\"pun\">-<\/span><span class=\"lit\">09T10<\/span><span class=\"pun\">:<\/span><span class=\"lit\">36<\/span><span class=\"pun\">:<\/span><span class=\"lit\">17.913644<\/span> <span class=\"com\">#<\/span><span class=\"lit\">7145<\/span><span class=\"pun\">]<\/span><span class=\"pln\"> INFO <\/span><span class=\"pun\">--<\/span> <span class=\"pun\">:<\/span> <span class=\"typ\">You<\/span><span class=\"str\">'re using the latest version of ssh_scan 0.0.19<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\">[<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> {<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"ssh_scan_version\": \"0.0.19\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"ip\": \"192.168.43.198\",<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"port\": 22,<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"server_banner\": \"SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\",<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"ssh_version\": 2.0,<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"os\": \"ubuntu\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"os_cpe\": \"o:canonical:ubuntu:16.04\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"ssh_lib\": \"openssh\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"ssh_lib_cpe\": \"a:openssh:openssh:7.2p2\",<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"cookie\": \"68b17bcca652eeaf153ed18877770a38\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"key_algorithms\": [<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"curve25519-sha256@libssh.org\",<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"ecdh-sha2-nistp256\",<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"ecdh-sha2-nistp384\",<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"ecdh-sha2-nistp521\",<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"diffie-hellman-group-exchange-sha256\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"diffie-hellman-group14-sha1\"<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"server_host_key_algorithms\": [<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"ssh-rsa\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"rsa-sha2-512\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"rsa-sha2-256\",<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"ecdsa-sha2-nistp256\",<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"ssh-ed25519\"<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"encryption_algorithms_client_to_server\": [<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"chacha20-poly1305@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"aes128-ctr\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"aes192-ctr\",<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"aes256-ctr\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"aes128-gcm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"aes256-gcm@openssh.com\"<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"encryption_algorithms_server_to_client\": [<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"chacha20-poly1305@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"aes128-ctr\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"aes192-ctr\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"aes256-ctr\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"aes128-gcm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"aes256-gcm@openssh.com\"<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"mac_algorithms_client_to_server\": [<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"umac-64-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"umac-128-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"hmac-sha2-256-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"hmac-sha2-512-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"hmac-sha1-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"umac-64@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"umac-128@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"hmac-sha2-256\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"hmac-sha2-512\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"hmac-sha1\"<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"mac_algorithms_server_to_client\": [<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"umac-64-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"umac-128-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"hmac-sha2-256-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"hmac-sha2-512-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"hmac-sha1-etm@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"umac-64@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"umac-128@openssh.com\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"hmac-sha2-256\",<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"hmac-sha2-512\",<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"hmac-sha1\"<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"compression_algorithms_client_to_server\": [<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"none\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"zlib@openssh.com\"<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"compression_algorithms_server_to_client\": [<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"none\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"zlib@openssh.com\"<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"languages_client_to_server\": [<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"languages_server_to_client\": [<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"hostname\": \"tecmint\",<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"auth_methods\": [<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"publickey\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"password\"<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"fingerprints\": {<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"rsa\": {<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"known_bad\": \"false\",<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"md5\": \"0e:d0:d7:11:f0:9b:f8:33:9c:ab:26:77:e5:66:9e:f4\",<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"sha1\": \"fc:8d:d5:a1:bf:52:48:a6:7e:f9:a6:2f:af:ca:e2:f0:3a:9a:b7:fa\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"sha256\": \"ff:00:b4:a4:40:05:19:27:7c:33:aa:db:a6:96:32:88:8e:bf:05:a1:81:c0:a4:a8:16:01:01:0b:20:37:81:11\"<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> }<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> },<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"start_time\": \"2017-05-09 10:36:17 +0300\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"end_time\": \"2017-05-09 10:36:18 +0300\",<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> \"scan_duration_seconds\": 0.221573169,<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"duplicate_host_key_ips\": [<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> \"compliance\": {<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> \"policy\": \"Mozilla Modern\",<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> \"compliant\": false,<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\"> \"recommendations\": [<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"str\"> \"Remove these Key Exchange Algos: diffie-hellman-group14-sha1\",<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"str\"> \"Remove these MAC Algos: umac-64-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, hmac-sha1\",<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"str\"> \"Remove these Authentication Methods: password\"<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"str\"> ],<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"str\"> \"references\": [<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"str\"> \"https:\/\/wiki.mozilla.org\/Security\/Guidelines\/OpenSSH\"<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"str\"> ]<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"str\"> }<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"str\"> }<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"str\">]<\/span><\/code><\/li>\n<\/ol>\n<p>\u4f60\u53ef\u4ee5\u4f7f\u7528 <code>-p<\/code> \u9009\u9879\u6765\u6307\u5b9a\u4e0d\u540c\u7684\u7aef\u53e3\uff0c<code>-L<\/code> \u9009\u9879\u6765\u5f00\u542f\u65e5\u5fd7\u8bb0\u5f55\u914d\u5408 <code>-V<\/code> \u9009\u9879\u6765\u6307\u5b9a\u65e5\u5fd7\u7ea7\u522b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">43.198<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">p <\/span><span class=\"lit\">22222<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">L <\/span><span class=\"kwd\">ssh<\/span><span class=\"pun\">-<\/span><span class=\"pln\">scan<\/span><span class=\"pun\">.<\/span><span class=\"pln\">log <\/span><span class=\"pun\">-<\/span><span class=\"pln\">V INFO<\/span><\/code><\/li>\n<\/ol>\n<p>\u53e6\u5916\uff0c\u53ef\u4ee5\u4f7f\u7528 <code>-P<\/code> \u6216 <code>--policy<\/code> \u9009\u9879\u6765\u6307\u5b9a\u4e00\u4e2a\u7b56\u7565\u6587\u4ef6\uff08\u9ed8\u8ba4\u662f Mozilla Modern\uff09\uff08LCTT \u8bd1\u6ce8\uff1a\u8fd9\u91cc\u7684 Modern \u53ef\u80fd\u6307\u7684\u662f https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS \u4e2d\u63d0\u5230\u7684 Modern compatibility \uff09\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">43.198<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">L <\/span><span class=\"kwd\">ssh<\/span><span class=\"pun\">-<\/span><span class=\"pln\">scan<\/span><span class=\"pun\">.<\/span><span class=\"pln\">log <\/span><span class=\"pun\">-<\/span><span class=\"pln\">V INFO <\/span><span class=\"pun\">-<\/span><span class=\"pln\">P <\/span><span class=\"pun\">\/<\/span><span class=\"pln\">path<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">to<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">custom<\/span><span class=\"pun\">\/<\/span><span class=\"pln\">policy<\/span><span class=\"pun\">\/<\/span><span class=\"kwd\">file<\/span><\/code><\/li>\n<\/ol>\n<p>ssh_scan \u4f7f\u7528\u5e2e\u52a9\u4e0e\u5176\u5b83\u793a\u4f8b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">$ ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">h<\/span><\/code><\/li>\n<\/ol>\n<p>\u8f93\u51fa\u793a\u4f8b\uff1a<\/p>\n<ol class=\"linenums\">\n<li class=\"L0\"><code><span class=\"pln\">ssh_scan v0<\/span><span class=\"pun\">.<\/span><span class=\"lit\">0.17<\/span> <span class=\"pun\">(<\/span><span class=\"pln\">https<\/span><span class=\"pun\">:<\/span><span class=\"com\">\/\/github.com\/mozilla\/ssh_scan)<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"typ\">Usage<\/span><span class=\"pun\">:<\/span><span class=\"pln\"> ssh_scan <\/span><span class=\"pun\">[<\/span><span class=\"pln\">options<\/span><span class=\"pun\">]<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"pun\">-<\/span><span class=\"pln\">t<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">target <\/span><span class=\"pun\">[<\/span><span class=\"pln\">IP<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Range<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Hostname<\/span><span class=\"pun\">]<\/span><span class=\"pln\"> IP<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Ranges<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Hostname<\/span><span class=\"pln\"> to scan<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"pun\">-<\/span><span class=\"pln\">f<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"kwd\">file<\/span> <span class=\"pun\">[<\/span><span class=\"typ\">FilePath<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">File<\/span> <span class=\"typ\">Path<\/span><span class=\"pln\"> of the <\/span><span class=\"kwd\">file<\/span><span class=\"pln\"> containing IP<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Range<\/span><span class=\"pun\">\/<\/span><span class=\"typ\">Hostnames<\/span><span class=\"pln\"> to scan<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"pun\">-<\/span><span class=\"pln\">T<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"kwd\">timeout<\/span> <span class=\"pun\">[<\/span><span class=\"pln\">seconds<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Timeout<\/span><span class=\"pln\"> per connect after which ssh_scan gives up on the host<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"pun\">-<\/span><span class=\"pln\">L<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"kwd\">logger<\/span> <span class=\"pun\">[<\/span><span class=\"typ\">Log<\/span> <span class=\"typ\">File<\/span> <span class=\"typ\">Path<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Enable<\/span> <span class=\"kwd\">logger<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"pun\">-<\/span><span class=\"pln\">O<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">from_json <\/span><span class=\"pun\">[<\/span><span class=\"typ\">FilePath<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">File<\/span><span class=\"pln\"> to read JSON output <\/span><span class=\"kwd\">from<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"pun\">-<\/span><span class=\"pln\">o<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">output <\/span><span class=\"pun\">[<\/span><span class=\"typ\">FilePath<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">File<\/span><span class=\"pln\"> to <\/span><span class=\"kwd\">write<\/span><span class=\"pln\"> JSON output to<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"pun\">-<\/span><span class=\"pln\">p<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">port <\/span><span class=\"pun\">[<\/span><span class=\"pln\">PORT<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Port<\/span> <span class=\"pun\">(<\/span><span class=\"typ\">Default<\/span><span class=\"pun\">:<\/span> <span class=\"lit\">22<\/span><span class=\"pun\">)<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"pun\">-<\/span><span class=\"pln\">P<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">policy <\/span><span class=\"pun\">[<\/span><span class=\"pln\">FILE<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Custom<\/span><span class=\"pln\"> policy <\/span><span class=\"kwd\">file<\/span> <span class=\"pun\">(<\/span><span class=\"typ\">Default<\/span><span class=\"pun\">:<\/span> <span class=\"typ\">Mozilla<\/span> <span class=\"typ\">Modern<\/span><span class=\"pun\">)<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"pun\">--<\/span><span class=\"pln\">threads <\/span><span class=\"pun\">[<\/span><span class=\"pln\">NUMBER<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Number<\/span><span class=\"pln\"> of worker threads <\/span><span class=\"pun\">(<\/span><span class=\"typ\">Default<\/span><span class=\"pun\">:<\/span> <span class=\"lit\">5<\/span><span class=\"pun\">)<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"pun\">--<\/span><span class=\"pln\">fingerprint<\/span><span class=\"pun\">-<\/span><span class=\"pln\">db <\/span><span class=\"pun\">[<\/span><span class=\"pln\">FILE<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">File<\/span><span class=\"pln\"> location of fingerprint database <\/span><span class=\"pun\">(<\/span><span class=\"typ\">Default<\/span><span class=\"pun\">:<\/span> <span class=\"pun\">.\/<\/span><span class=\"pln\">fingerprints<\/span><span class=\"pun\">.<\/span><span class=\"pln\">db<\/span><span class=\"pun\">)<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"pun\">--<\/span><span class=\"pln\">suppress<\/span><span class=\"pun\">-<\/span><span class=\"pln\">update<\/span><span class=\"pun\">-<\/span><span class=\"pln\">status <\/span><span class=\"typ\">Do<\/span> <span class=\"kwd\">not<\/span><span class=\"pln\"> check <\/span><span class=\"kwd\">for<\/span><span class=\"pln\"> updates<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"pun\">-<\/span><span class=\"pln\">u<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">unit<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">test<\/span> <span class=\"pun\">[<\/span><span class=\"pln\">FILE<\/span><span class=\"pun\">]<\/span> <span class=\"typ\">Throw<\/span><span class=\"pln\"> appropriate <\/span><span class=\"kwd\">exit<\/span><span class=\"pln\"> codes based on compliance status<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"pun\">-<\/span><span class=\"pln\">V <\/span><span class=\"pun\">[<\/span><span class=\"pln\">STD_LOGGING_LEVEL<\/span><span class=\"pun\">],<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"pun\">--<\/span><span class=\"pln\">verbosity<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"pun\">-<\/span><span class=\"pln\">v<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">version <\/span><span class=\"typ\">Display<\/span><span class=\"pln\"> just version <\/span><span class=\"kwd\">info<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"pun\">-<\/span><span class=\"pln\">h<\/span><span class=\"pun\">,<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">help <\/span><span class=\"typ\">Show<\/span> <span class=\"kwd\">this<\/span><span class=\"pln\"> message<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"typ\">Examples<\/span><span class=\"pun\">:<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1.1<\/span><\/code><\/li>\n<li class=\"L0\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t server<\/span><span class=\"pun\">.<\/span><span class=\"pln\">example<\/span><span class=\"pun\">.<\/span><span class=\"pln\">com<\/span><\/code><\/li>\n<li class=\"L1\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"pun\">::<\/span><span class=\"lit\">1<\/span><\/code><\/li>\n<li class=\"L2\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"pun\">::<\/span><span class=\"lit\">1<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">T <\/span><span class=\"lit\">5<\/span><\/code><\/li>\n<li class=\"L3\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">f hosts<\/span><span class=\"pun\">.<\/span><span class=\"pln\">txt<\/span><\/code><\/li>\n<li class=\"L4\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">o output<\/span><span class=\"pun\">.<\/span><span class=\"pln\">json<\/span><\/code><\/li>\n<li class=\"L5\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">O output<\/span><span class=\"pun\">.<\/span><span class=\"pln\">json <\/span><span class=\"pun\">-<\/span><span class=\"pln\">o rescan_output<\/span><span class=\"pun\">.<\/span><span class=\"pln\">json<\/span><\/code><\/li>\n<li class=\"L6\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1.1<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">p <\/span><span class=\"lit\">22222<\/span><\/code><\/li>\n<li class=\"L7\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1.1<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">p <\/span><span class=\"lit\">22222<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">L output<\/span><span class=\"pun\">.<\/span><span class=\"pln\">log <\/span><span class=\"pun\">-<\/span><span class=\"pln\">V INFO<\/span><\/code><\/li>\n<li class=\"L8\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1.1<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">P custom_policy<\/span><span class=\"pun\">.<\/span><span class=\"pln\">yml<\/span><\/code><\/li>\n<li class=\"L9\"><code><span class=\"pln\">ssh_scan <\/span><span class=\"pun\">-<\/span><span class=\"pln\">t <\/span><span class=\"lit\">192.168<\/span><span class=\"pun\">.<\/span><span class=\"lit\">1.1<\/span> <span class=\"pun\">--<\/span><span class=\"pln\">unit<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">test<\/span> <span class=\"pun\">-<\/span><span class=\"pln\">P custom_policy<\/span><span class=\"pun\">.<\/span><span class=\"pln\">yml<\/span><\/code><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>ssh_scan \u662f\u4e00\u4e2a\u9762\u5411 Linux \u548c UNIX \u670d\u52a1\u5668\u7684\u6613\u7528\u7684 SSH \u670d\u52a1\u53c2\u6570\u914d\u7f6e\u548c\u7b56\u7565\u7684\u626b\u63cf\u5668\u7a0b\u5e8f &#8230; <a title=\"ssh_scan\uff1a\u8fdc\u7a0b\u9a8c\u8bc1\u4f60 SSH \u670d\u52a1\u7684\u914d\u7f6e\u548c\u7b56\u7565\" class=\"read-more\" href=\"https:\/\/cn.hostease.com\/xueyuan\/jishu\/linux\/ssh_scan%ef%bc%9a%e8%bf%9c%e7%a8%8b%e9%aa%8c%e8%af%81%e4%bd%a0-ssh-%e6%9c%8d%e5%8a%a1%e7%9a%84%e9%85%8d%e7%bd%ae%e5%92%8c%e7%ad%96%e7%95%a5\/\" aria-label=\"\u9605\u8bfb ssh_scan\uff1a\u8fdc\u7a0b\u9a8c\u8bc1\u4f60 SSH \u670d\u52a1\u7684\u914d\u7f6e\u548c\u7b56\u7565\">\u9605\u8bfb\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[49],"tags":[38,75],"class_list":["post-2308","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-ssh"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/comments?post=2308"}],"version-history":[{"count":1,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2308\/revisions"}],"predecessor-version":[{"id":2309,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2308\/revisions\/2309"}],"wp:attachment":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/media?parent=2308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/categories?post=2308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/tags?post=2308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}